Unable to use painless script in group_by term in transform

ayazahmed · June 30, 2020, 12:22pm

following the tutorial from https://www.elastic.co/guide/en/elasticsearch/reference/current/transform-painless-examples.html#painless-group-by

POST _transform/_preview
{
  "source": {
    "index": [ 
      "kibana_sample_data_logs"
    ]
  },
  "pivot": {
    "group_by": {
      "agent": {
        "terms": {
          "script": { 
            "source": """String agent = doc['agent.keyword'].value;
            if (agent.contains("MSIE")) {
              return "internet explorer";
            } else if (agent.contains("AppleWebKit")) {
              return "safari";
            } else if (agent.contains('Firefox')) {
              return "firefox";
            } else { return agent }""",
            "lang": "painless"
          }
        }
      }
    },
    "aggregations": { 
      "200": {
        "filter": {
          "term": {
            "response": "200"
          }
        }
      },
      "404": {
        "filter": {
          "term": {
            "response": "404"
          }
        }
      },
      "503": {
        "filter": {
          "term": {
            "response": "503"
          }
        }
      }
    }
  },
  "dest": { 
    "index": "pivot_logs"
  }
}

response:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "x_content_parse_exception",
        "reason" : "[1:20] [data_frame_terms_group] unknown field [script]"
      }
    ],
    "type" : "x_content_parse_exception",
    "reason" : "[1:447] [data_frame_transform_config] failed to parse field [pivot]",
    "caused_by" : {
      "type" : "x_content_parse_exception",
      "reason" : "[1:447] [data_frame_transform_pivot] failed to parse field [group_by]",
      "caused_by" : {
        "type" : "x_content_parse_exception",
        "reason" : "[1:20] [data_frame_terms_group] unknown field [script]"
      }
    }
  },
  "status" : 400
}

elastic version:

{
  "name" : "loges",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "1jvrf2DvTbCByIZMjMFPqA",
  "version" : {
    "number" : "7.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "aa751e09be0a5072e8570670309b1f12348f023b",
    "build_date" : "2020-02-29T00:15:25.529771Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Hendrik_Muhs · June 30, 2020, 2:15pm

The documentation link targets the latest version which is 7.8, your version is 7.6.1.

Script support in group_by has been added in 7.7.

ayazahmed · June 30, 2020, 2:26pm

Thanks @Hendrik_Muhs, Do we have any alternative with same concept, in 7.6.1 ?

Hendrik_Muhs · June 30, 2020, 2:38pm

If your usecase is similar to the one from the documentation, you could fix the data during ingest or clean it up using reindex.

system · July 28, 2020, 2:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use painless script in transform aggregation Elasticsearch	7	915	August 10, 2020
Transform has failed; experienced: [task encountered irrecoverable failure: field name cannot be null.] Elasticsearch	4	1374	June 26, 2020
How to use split on script field on kibana Kibana	3	2352	December 22, 2017
5.6 script_fields painless extract ipaddress then aggregate Elasticsearch painless	2	370	August 18, 2022
Using painless with aggregation results Elasticsearch	14	6984	March 5, 2018

Unable to use painless script in group_by term in transform

Related topics